Password Do's and Don'ts
Now I am not naive enough to believe that you will follow all of the advice that I am listing here. However, if you are sincere in wanting to create good passwords, follow the following advice.
Do:
- Do: Use BOTH upper- and lower-case letters.
- Do: Use numbers and punctuation marks. The more randomly you place them in your password, the better.
- Do: Make your password between 8 to 20 characters long. The longer and more complex it is, the harder it is to crack.
- Do: Use at least one of these special characters: ! @ # $ % * ( ) - + = , < > : : “ ‘ .
- Do: Make your password easy to remember, so you won’t have to write it down. You need it to be easy for you to remember, but hard for anyone else to guess.
- Do: Create different passwords for different accounts and applications.
- Do: Change your passwords regularly, about every 6 months.
- Do: Keep them to yourself. Avoid giving out your password to others. Once it’s out of your control, so is your security.
- Do: Consider using a phrase or a song title as a password. This may help you to easily remember your password. For example, “Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”
- Do: Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.
Don’t:
- Don’t: Use the same password for different accounts or applications. If one account is breached, the others will be at risk as well.
- Don’t: Create a password using your name in any form (reversed, capitalized or doubled).
- Don’t : Use your name, Social Security number or any other personal information that could identify you. This means pet names, girlfriend/boyfriend names, birth dates, phone numbers, license plates, car models or addresses.
- Don’t: Use any word found in a dictionary longer than three letters. Hackers use automated programs to crack passwords using special programs that scan for any word found in a dictionary. This includes any word spelled backwards.
- Don’t: Use numbers in place of letters. For example, “Password” becomes “Pa55w0rd.” Dictionary programs are also equipped to combat this technique.
- Don’t: Create a password of keys next to one another on the keyboard (asdfghjkl) or all one letter or number (aaaaaaaa or 444444444).
- Don’t: Use dates to create a password (for example, AUguST2001).
- Don’t: Re-use any of your last 10 passwords.
- Don’t share your password with others.
- Don’t: Write them down and store them near your computer. It’s like a key under a welcome mat. It’s the first place someone might look.
- Don’t: Provide your password—or any of your sensitive or confidential information—over e-mail or instant message. Think of an e-mail message or IM like a postcard. The information can be seen while it’s traversing the Internet. Also, once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent.
- Don’t: Enable the “Save Password” option if prompted to do so. Pre-saved passwords will make it easy for anyone else using your computer to access your accounts.
- Don’t: Walk away from a shared computer without logging off. This will ensure no other users can access your accounts.
- Don’t: Use sample passwords given on different Web sites.